Disclosure of Invention
The embodiment of the application provides a security verification method and device.
In a first aspect, an embodiment of the present application provides a security verification method, including: receiving a security verification request, wherein the security verification request includes a user identifier and a category identifier of the sender of the security verification request; forwarding the security verification request to a connected wind control end, so that the wind control end determines, based on the category identifier, whether to perform information verification on the user indicated by the user identifier; and, in response to receiving prompt information returned by the wind control end that instructs information verification, performing information verification on the user based on the prompt information, generating an information verification result, and obtaining a security verification result based on the information verification result.
In some embodiments, the information verification includes dynamic password authentication, and the prompt information is information instructing that dynamic password authentication be performed; and performing information verification on the user based on the prompt information includes performing the following verification operation: generating a dynamic password and sending the generated dynamic password to a user side of the user; receiving a dynamic password sent by the user side; determining whether the dynamic password sent by the user side meets a preset condition and, if so, determining that the user passes dynamic password authentication; and, if the dynamic password sent by the user side does not meet the preset condition, incrementing the number of dynamic password verification failures, determining whether the current number of verification failures is smaller than a preset value and, if so, continuing to perform the verification operation.
In some embodiments, the information verification of the user based on the prompt information further includes: and determining that the user fails the dynamic password authentication in response to determining that the dynamic password sent by the user side does not meet the preset condition or that the current dynamic password authentication failure times are not less than the preset value.
In some embodiments, after responding to the receiving of the prompt message returned by the wind control terminal for instructing information verification, the method further includes: setting corresponding identification information for the security verification request; and after sending the generated dynamic password to the user side of the user, the method further comprises: setting a corresponding dynamic password identification for the generated dynamic password, forming an information pair by the dynamic password and the dynamic password identification, and correspondingly storing the information pair and the identification information.
In some embodiments, the preset condition includes: being consistent with the dynamic password that was sent to the user side last time; and determining whether the dynamic password sent by the user side meets the preset condition includes: determining whether the dynamic password sent by the user side is consistent with the dynamic password in the information pair corresponding to the latest stored identification information and, if so, determining that the dynamic password sent by the user side meets the preset condition.
In some embodiments, sending the generated dynamic password to the user side of the user includes: and sending the generated dynamic password to the user side through the short message channel.
In some embodiments, before performing the verification operation for the first time, the method further comprises: and sending the address of the dynamic password verification page to the user side so that the user side jumps to the dynamic password verification page based on the address, and the user sends the dynamic password through the dynamic password verification page.
In some embodiments, obtaining the security verification result based on the information verification result includes: and if the information verification result is used for indicating that the user does not pass the information verification, generating a security verification result for indicating that the user does not pass the security verification.
In some embodiments, obtaining the security verification result based on the information verification result further includes: if the information verification result is used for indicating that the user passes the information verification, the information verification result is sent to the wind control end, so that the wind control end further determines whether the user passes the safety verification based on the category identification; and receiving a safety verification result returned by the wind control end.
In some embodiments, after forwarding the security verification request to the connected wind control terminal, the method further includes: and receiving a safety verification result returned by the wind control end after the wind control end determines not to verify the information of the user and determines whether the user passes the safety verification based on the class identification.
In some embodiments, the above method further comprises: and returning the security verification result to the sender.
In a second aspect, an embodiment of the present application provides a security verification apparatus, including: a receiving unit configured to receive a security authentication request, wherein the security authentication request includes a user identifier and a category identifier of a sender of the security authentication request; the forwarding unit is configured to forward the security verification request to the connected wind control terminal so that the wind control terminal determines whether to perform information verification on the user indicated by the user identification based on the class identification; the processing unit is configured to respond to the fact that prompt information which is returned by the wind control end and used for indicating information verification is received, conduct information verification on the user based on the prompt information, generate an information verification result, and obtain a safety verification result based on the information verification result.
In some embodiments, the information check includes dynamic password authentication, and the hint information is information for instructing dynamic password authentication to be performed; and the processing unit includes: a first execution subunit configured to perform the following validation operations: generating a dynamic password, and sending the generated dynamic password to a user side of a user; receiving a dynamic password sent by a user side; determining whether a dynamic password sent by a user side meets a preset condition, and if so, determining that the user passes dynamic password authentication; and the second execution subunit is configured to perform incremental operation on the verification failure times of the dynamic password if the dynamic password sent by the user side does not meet the preset condition, determine whether the verification failure times of the current dynamic password is smaller than a preset value, and continue to perform the verification operation if the verification failure times of the current dynamic password is smaller than the preset value.
In some embodiments, the processing unit further comprises: and the determining subunit is configured to determine that the user fails the dynamic password authentication in response to determining that the dynamic password sent by the user terminal does not meet the preset condition or that the current dynamic password authentication failure times are not less than a preset value.
In some embodiments, the above apparatus further comprises: a first setting unit configured to set corresponding identification information for the security authentication request; and a storage unit configured to set a corresponding dynamic password identification for the generated dynamic password, to constitute an information pair with the dynamic password identification, and to store the information pair and the identification information in correspondence.
In some embodiments, the preset conditions include: the password is consistent with the dynamic password which is sent to the user terminal last time; and the first execution subunit is further configured to: and determining whether the dynamic password sent by the user side is consistent with the dynamic password in the information pair corresponding to the latest stored identification information, and if so, determining that the dynamic password sent by the user side meets the preset condition.
In some embodiments, the first execution subunit is further configured to: and sending the generated dynamic password to the user side through the short message channel.
In some embodiments, the above apparatus further comprises: and the first sending unit is configured to send the address of the dynamic password authentication page to the user terminal so that the user terminal jumps to the dynamic password authentication page based on the address, and the user sends the dynamic password through the dynamic password authentication page.
In some embodiments, the processing unit further comprises: and the generating subunit is configured to generate a security verification result for indicating that the user fails the security verification if the information verification result is used for indicating that the user fails the information verification.
In some embodiments, the processing unit further comprises: the sending subunit is configured to send the information verification result to the wind control end if the information verification result is used for indicating that the user passes the information verification, so that the wind control end further determines whether the user passes the safety verification based on the category identification; and receiving a safety verification result returned by the wind control end.
In some embodiments, the above apparatus further comprises: and the first receiving unit is configured to receive a safety verification result returned by the wind control terminal after determining that the information of the user is not verified and determining whether the user passes the safety verification based on the class identification.
In some embodiments, the above apparatus further comprises: and a second sending unit configured to return the security authentication result to the sender.
In a third aspect, an embodiment of the present application provides an electronic device, including: one or more processors; and a storage device having one or more programs stored thereon; the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method described in any implementation of the first aspect.
In a fourth aspect, the present application provides a computer-readable medium, on which a computer program is stored, which when executed by a processor implements the method described in any implementation manner of the first aspect.
According to the security verification method and device provided by the embodiments of the application, a security verification request comprising a category identifier and a user identifier is received and then forwarded to the connected wind control end, so that the wind control end determines, based on the category identifier, whether to perform information verification on the user indicated by the user identifier. Then, in response to receiving prompt information returned by the wind control end that instructs information verification, information verification is performed on the user and an information verification result is generated, so that a security verification result is obtained based on the information verification result. Security verification of the user is thereby achieved, and interaction between the sender of the security verification request and the wind control end is avoided, so that the sender has a single responsibility.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of the security authentication method or security authentication apparatus of the present application may be applied.
As shown in fig. 1, the system architecture 100 may include a request side 101, a management side 103, a wind control side 105, and networks 102, 104. The network 102 serves as a medium for providing a communication link between the requesting side 101 and the managing side 103. The network 104 is used to provide a medium for a communication link between the management terminal 103 and the wind control terminal 105. The networks 102, 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The requesting side 101 may interact with the managing side 103 via the network 102 to receive or transmit information and the like. The requesting side 101 may be a terminal device or a server. When the requesting side 101 is a terminal device, various communication client applications, such as a web browser application, a shopping application, a financing application, a credit application, a payment application, etc., may be installed on it. The terminal device may be hardware or software. When the terminal device is hardware, it may be any of various electronic devices with a display screen, including but not limited to smart phones, tablet computers, e-book readers, laptop computers, desktop computers, and the like. When the terminal device is software, it can be installed in the electronic devices listed above, and may be implemented as multiple pieces of software or software modules (e.g., to provide distributed services) or as a single piece of software or software module. This is not particularly limited herein.
The management terminal 103 may be a management server providing various services, and the management server may process the security authentication request sent by the requesting terminal 101, for example, to obtain a processing result (e.g., a security authentication result).
The wind control terminal 105 (that is, the risk control end) may be a wind control server providing various services; for example, the wind control server may receive the security verification request forwarded by the management terminal 103, analyze and otherwise process the security verification request, and return a processing result (for example, prompt information for instructing information verification) to the management terminal 103.
The management terminal 103 and the wind control terminal 105 may be the same server or different servers.
When the request terminal 101, the management terminal 103, and the wind control terminal 105 are servers, they may be hardware or software. When they are hardware, they may be implemented as a distributed server cluster formed by multiple servers, or as a single server. When they are software, they may be implemented as multiple pieces of software or software modules (for example, to provide distributed services), or as a single piece of software or software module. This is not particularly limited herein.
It should be noted that the security verification method provided by the embodiment of the present application is generally executed by the management terminal 103. Accordingly, the security authentication means is generally provided in the management terminal 103.
It should be understood that the number of requesting, network, management, and wind control endpoints in fig. 1 is merely illustrative. There may be any number of request, network, management and wind control terminals, as desired for the implementation.
With continued reference to FIG. 2, a flow 200 of one embodiment of a security verification method according to the present application is shown. The process 200 of the security verification method includes the following steps:
Step 201, a security verification request is received.
In this embodiment, the execution subject of the security authentication method (e.g., the management terminal 103 shown in fig. 1) may receive the security authentication request through a wired connection manner or a wireless connection manner. The security authentication request may include, among other things, a user identification and a category identification of a sender of the security authentication request (e.g., the requesting end 101 shown in fig. 1).
It should be noted that the security authentication request may be a security authentication request sent by the sender to the execution main body in response to receiving a request (e.g., a payment request, a credit request, etc.) from a user. As an example, assuming that the sender is a terminal device or a server for providing a payment capability, the category of the sender may be, for example, a payment category, and the category identifier of the sender may be, for example, a name or a number of the payment category.
Step 202, forwarding the security verification request to the connected wind control terminal.
In this embodiment, after receiving the security authentication request, the execution main body may forward the security authentication request to a connected wind control terminal (e.g., the wind control terminal 105 shown in fig. 1), so that the wind control terminal determines, based on the category identifier, whether to perform information verification on the user indicated by the user identifier. The information verification may include at least one of the following: dynamic password authentication, payment password authentication, fingerprint authentication, and the like. A dynamic password may be an unpredictable combination of random numbers generated according to a special algorithm; each dynamic password can generally be used only once, and dynamic passwords are currently widely used in fields such as online banking, online games, telecom operators, electronic commerce, and enterprises.
Note that, for example, the verification tag corresponding to the category identifier may be stored locally in advance at the wind control end. The verification tag may be used to indicate whether to add information verification to the target user. The target user may be the user indicated by the user identifier in the security authentication request from the sender under the category indicated by the category identifier. In addition, the tag value of the above-mentioned verification tag may include a first value indicating that information verification for the target user is added, and a second value indicating that information verification for the target user is not added. After receiving the security verification request forwarded by the execution main body, the wind control end may first check whether a current tag value of the verification tag corresponding to the category identifier in the security verification request is a first value, and if the current tag value is the first value, the wind control end may determine to perform information verification on the user indicated by the user identifier in the security verification request, and at this time, the wind control end may send prompt information for instructing to perform information verification to the execution main body. If the current tag value of the verification tag is not the first value, the wind control end may determine not to perform information verification on the user indicated by the user identifier.
Step 203, responding to the received prompt information which is returned by the wind control end and used for indicating information verification, performing information verification on the user, generating an information verification result, and obtaining a safety verification result based on the information verification result.
In this embodiment, the execution main body may perform information verification on the user in response to receiving prompt information for instructing to perform information verification, which is returned by the wind control end, and generate an information verification result. Moreover, the execution main body can also obtain a safety verification result based on the information verification result.
As an example, for the user indicated by the user identifier in the security authentication request received in step 201, assuming that the information verification includes payment password authentication, the execution subject may present prompt information for instructing to input a payment password to the user terminal of the user. The execution main body can respond to the received payment password returned by the user terminal and compare the payment password pre-associated with the user identifier with the payment password returned by the user terminal. If the two payment passwords are identical, the execution main body can determine that the user passes the payment password authentication, at this time, the execution main body can generate an information verification result for indicating that the user passes the payment password authentication, and can generate a security authentication result for indicating that the user passes the security authentication based on the information verification result. If the two payment passwords are not consistent, the execution main body can determine that the user fails to pass the payment password authentication, at this time, the execution main body can generate an information verification result for indicating that the user fails to pass the payment password authentication, and further can generate a security authentication result for indicating that the user fails to pass the security authentication based on the information verification result.
It should be noted that, by executing the security authentication method through the execution main body, the dependency of the sender of the security authentication request on the external system can be effectively reduced. For example, the sender only needs to rely on the execution main body, but does not need to rely on the wind control end, and the responsibility of the sender can be single. In addition, the execution main body is used for executing the safety verification method, so that the dependence of the wind control end on an external system can be reduced. For example, dependence of the wind control end on a dynamic password authentication server, a payment password authentication server, a fingerprint authentication server and the like can be avoided, the wind control end only needs to rely on the execution main body, and network interaction can be reduced. In addition, the execution main body is used for executing the safety verification method, so that the problems of redundant requests and the like can be effectively avoided.
In some optional implementations of this embodiment, if the information check includes dynamic password verification, the prompt information for instructing to perform the information check may be prompt information for instructing to perform the dynamic password verification. If the execution main body receives the prompt message from the wind control end, the execution main body may perform the following verification operations: generating a dynamic password, and sending the generated dynamic password to the user side; receiving the dynamic password sent by the user side; and determining whether the dynamic password sent by the user side meets a preset condition, and if so, determining that the user to which the user side belongs passes dynamic password authentication. If the dynamic password sent by the user side does not meet the preset condition, the execution main body can perform incremental operation on the verification failure times of the dynamic password to determine whether the verification failure times of the current dynamic password are smaller than a preset value, and if so, the execution main body can continue to execute the verification operation. If the dynamic password sent by the user side does not meet the preset condition or the current dynamic password authentication failure times are not smaller than the preset value, the execution main body can determine that the user to which the user side belongs does not pass the dynamic password authentication.
The preset condition may include, for example: being consistent with the dynamic password that was sent to the user side last time. Optionally, in addition to being consistent with the dynamic password last sent to the user side, the preset condition may further include: the transmission time is within a preset time period. The preset time period may be a time period whose start time is the sending time of the dynamic password last sent to the user side and whose duration is a preset duration (e.g., 60 seconds). In addition, the above-mentioned number of dynamic password verification failures corresponds to the security authentication request received in step 201, and its initial value may be 0.
In some optional implementation manners of this embodiment, the execution subject may send the generated dynamic password to the user side through a short message channel. In addition, after receiving the prompt message instructing to perform information verification, the execution main body may set corresponding identification information for the received security verification request. In practice, different class identifications may correspond to different first serial number generation algorithms. The execution subject may generate a serial number by using a first serial number generation algorithm corresponding to the category identifier in the security authentication request, and set the serial number as the identifier information of the security authentication request.
In addition, after the execution main body sends the generated dynamic password to the user side, the execution main body may also set a corresponding dynamic password identifier for the dynamic password. The execution body may combine the dynamic password and the dynamic password identifier into an information pair, and store the information pair and the identifier information in a corresponding manner. For example, the information pair and the identification information are stored in association with each other in a data storage server local to the execution agent or connected to the execution agent. In practice, different category identifications may also correspond to different second serial number generation algorithms. The executing body may generate a serial number by using a second serial number generation algorithm corresponding to the category identifier in the received security authentication request, and set the serial number as the dynamic password identifier of the dynamic password.
In some optional implementation manners of this embodiment, each time the execution main body verifies a dynamic password received from the user side, it may generate and store a corresponding verification record. The verification record may include, but is not limited to: the received dynamic password, the above-mentioned identification information, the target information pair corresponding to the identification information, a verification result, and the like. The target information pair may be the information pair containing the dynamic password against which the received dynamic password is compared. The verification result may be, for example, verification success or verification failure.
In some optional implementation manners of this embodiment, if the preset condition includes that the dynamic password is consistent with the dynamic password that is sent to the user terminal last time, the execution main body may determine whether the dynamic password sent by the user terminal is consistent with a dynamic password in an information pair corresponding to the identification information that is stored last time. If the two passwords are consistent, the execution main body can determine that the dynamic password sent by the user side meets the preset condition.
In some optional implementation manners of this embodiment, before the performing main body performs the verifying operation for the first time, the performing main body may send an address of a dynamic password verifying page to the user side, so that the user side jumps to the dynamic password verifying page based on the address, and the user sends the dynamic password through the dynamic password verifying page. It should be noted that the dynamic password authentication page may be a page based on HTML (HyperText Markup Language) 5 standard. In practice, for security authentication requests from different classes of senders, the executing agent may send the address of the same dynamic password authentication page to the user side of the user indicated by the user identifier in the security authentication request. And the execution main body can send the dynamic password to the user side through a unified short message channel. Therefore, by adopting the uniform dynamic password verification page and the uniform short message channel, repeated development can be effectively avoided, and the maintenance is convenient.
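The verification operation described above (tag lookup at the wind control end, comparison against the most recently stored information pair, per-request failure counter, 60-second validity), sketched as an added Python example; it is not code from the application. The names `ManagementEnd`, `risk_control_decide` and `MAX_FAILURES`, the six-digit format, the identifier formats, the constant-time comparison and the fail-closed default for unknown categories are assumptions, and the failure branch is read as "retry while the failure count is below the preset value, otherwise fail".

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

MAX_FAILURES = 3       # the "preset value" for failed attempts (assumed)
VALIDITY_SECONDS = 60  # the "preset duration" example given in the text

# Wind control (risk control) end: verification tag per category identifier.
# Constructed data; True stands for the "first value" (perform verification).
VERIFICATION_TAGS = {"payment": True, "browse": False}


def risk_control_decide(category_id):
    # Assumption: an unknown category fails closed and requires verification.
    return VERIFICATION_TAGS.get(category_id, True)


def random_otp():
    return f"{secrets.randbelow(10**6):06d}"  # CSPRNG-backed six-digit code


@dataclass
class Session:
    user_id: str
    pairs: list = field(default_factory=list)  # (otp_id, otp, sent_at) info pairs
    failures: int = 0                          # starts at 0 for each request
    closed: bool = False


class ManagementEnd:
    def __init__(self, send_sms, gen_otp=random_otp, clock=time.time):
        self.send_sms, self.gen_otp, self.clock = send_sms, gen_otp, clock
        self.sessions = {}  # identification information -> Session

    def start(self, user_id, category_id):
        """Forward to risk control; on a 'verify' prompt, send the first password."""
        if not risk_control_decide(category_id):
            return None  # no information verification for this category
        request_id = f"{category_id}-{secrets.token_hex(8)}"  # hypothetical format
        self.sessions[request_id] = Session(user_id)
        self._issue(request_id)
        return request_id

    def _issue(self, request_id):
        session = self.sessions[request_id]
        otp = self.gen_otp()
        otp_id = f"otp-{len(session.pairs) + 1}"  # dynamic password identifier
        session.pairs.append((otp_id, otp, self.clock()))
        self.send_sms(session.user_id, otp)

    def verify(self, request_id, submitted):
        """Return 'passed', 'retry' (a new password was sent) or 'failed'."""
        session = self.sessions.get(request_id)
        if session is None or session.closed:
            return "failed"
        _, otp, sent_at = session.pairs[-1]  # only the most recently stored pair
        fresh = self.clock() - sent_at <= VALIDITY_SECONDS
        # Constant-time comparison avoids leaking how many digits matched.
        if fresh and hmac.compare_digest(submitted.encode(), otp.encode()):
            session.closed = True  # each dynamic password is usable once
            return "passed"
        session.failures += 1
        if session.failures < MAX_FAILURES:
            self._issue(request_id)  # continue the verification operation
            return "retry"
        session.closed = True
        return "failed"


def demo():
    """Constructed run: wrong code, superseded code, correct code, then replay."""
    codes = iter(["111111", "222222", "333333"])
    outbox = []
    mgmt = ManagementEnd(lambda uid, otp: outbox.append((uid, otp)),
                         gen_otp=lambda: next(codes), clock=lambda: 1000.0)
    rid = mgmt.start("user-1", "payment")
    return [mgmt.verify(rid, c) for c in ("999999", "111111", "333333", "333333")]


if __name__ == "__main__":
    print(demo())
```

Because each retry issues a new password and only the latest pair is compared, a superseded code counts as a failure, and a session closed by success or by exhausting the counter rejects every later submission.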
In some optional implementations of this embodiment, the execution subject may return the security authentication result to the sender of the security authentication request.
With continued reference to fig. 3, fig. 3 is a schematic diagram of an application scenario of the security authentication method according to the present embodiment. In the application scenario of fig. 3, a shopping class application may be installed on a terminal device 301 of a user, and the terminal device 301 may be communicatively connected to a payment class server 302 providing support for the shopping class application. The user can use the shopping application on the terminal device 301 to shop, and when paying, the user can send a payment request to the payment server 302 by executing a preset payment operation, wherein the payment request can comprise the user identification of the user. The payment class server 302 may then send a security verification request to the connected administration server 303 in response to receiving the payment request, wherein the security verification request may include the user identification and the class identification of the payment class server 302. The management server 303 may then forward the security authentication request to the connected wind control server 304 in response to receiving the security authentication request. Then, in response to receiving the security verification request, the wind control server 304 may determine whether to perform information verification on the user based on the category identifier, and return prompt information indicating that information verification is performed to the management server 303 after determining that information verification is performed on the user. Then, the management server 303 may perform information verification on the user in response to receiving the prompt information, and generate an information verification result, for example, an information verification result indicating that the user passes the information verification. 
Finally, the management server 303 may generate a security verification result indicating that the user passes the security verification in response to the information verification result being an information verification result indicating that the user passes the information verification. In addition, the management server 303 may also return the security verification result to the payment class server 302. In this way, the payment class server 302 can return the payment result to the terminal device 301 based on the received security verification result.
In the method provided by the above embodiment of the application, a security verification request including the category identifier and the user identifier is received and then forwarded to the connected wind control end, so that the wind control end determines, based on the category identifier, whether to perform information verification on the user indicated by the user identifier. Then, in response to receiving prompt information which is returned by the wind control end and used for indicating information verification, information verification is performed on the user and an information verification result is generated, so that a security verification result is obtained based on the information verification result. Security verification of the user is thereby achieved, and the sender of the security verification request does not need to interact with the wind control end, so that the sender keeps a single responsibility.
With further reference to fig. 4, a flow 400 of yet another embodiment of a security authentication method is shown. The process 400 of the security verification method includes the following steps:
Step 401, a security authentication request is received.
In this embodiment, the execution subject of the security authentication method (e.g., the management terminal 103 shown in fig. 1) may receive the security authentication request through a wired connection manner or a wireless connection manner. The security authentication request may include, among other things, a user identification and a category identification of a sender of the security authentication request (e.g., the requesting end 101 shown in fig. 1).
Step 402, forwarding the security verification request to the connected wind control terminal.
In this embodiment, after receiving the security authentication request, the execution main body may forward the security authentication request to a connected wind control terminal (e.g., the wind control terminal 105 shown in fig. 1). The wind control end may determine whether to perform information verification on the user indicated by the user identifier based on the category identifier, and the corresponding determination method may refer to the relevant description in the embodiment shown in fig. 2, which is not described herein again. It should be noted that the information verification may include dynamic password verification. A dynamic password can be an unpredictable combination of random numbers generated according to a special algorithm, and each dynamic password can generally be used only once. Dynamic passwords are currently widely used in fields such as online banking, online games, telecom operators, electronic commerce, and enterprises.
In addition, when the wind control end determines not to perform information verification on the user, whether the user passes the security verification or not can be further determined based on the category identification. It should be noted that, the wind control end may locally store, in advance, security verification indication information corresponding to the category identifier, where the security verification indication information may be used to indicate how the wind control end determines whether the user passes the security verification.
As an example, the security authentication request may further include an IP (Internet Protocol) address of the user. The security verification indication information may include: if the IP address in the security verification request is consistent with the pre-stored IP address of the user, determining that the user passes the security verification; otherwise, the user is determined not to pass the security authentication.
For another example, the security authentication request may further include a face image of the user. The security verification indication information may include: if the face image in the security verification request is matched with the pre-stored face image of the user, determining that the user passes the security verification; otherwise, the user is determined not to pass the security authentication.
It should be noted that the content of the security verification indication information may be adjusted according to actual needs, and this embodiment does not limit this aspect at all.
In practice, if the wind control end determines to perform information verification on the user, for example, determines to perform dynamic password authentication on the user, the wind control end may return prompt information for instructing to perform dynamic password authentication to the execution main body, and at this time, the execution main body may execute step 403. In addition, after determining not to perform information verification on the user and determining whether the user passes the security authentication based on the category identifier, the wind control end may return a corresponding security authentication result to the execution main body, and at this time, the execution main body may execute step 405.
Step 403, in response to receiving prompt information which is returned by the wind control end and used for indicating dynamic password authentication, performing dynamic password authentication on the user, and generating an information verification result for indicating whether the user passes the dynamic password authentication.
In this embodiment, the execution main body may perform dynamic password authentication on the user in response to receiving prompt information for instructing dynamic password authentication returned by the wind control end, and generate an information verification result for instructing whether the user passes the dynamic password authentication. It should be noted that, for the dynamic password authentication method, reference may be made to the related description in the embodiment shown in fig. 2, and details are not repeated here.
It should be noted that, if the execution main body determines that the user passes the dynamic password authentication, the information verification result generated by the execution main body may be used to indicate that the user passes the dynamic password authentication, and at this time, the execution main body may execute step 404. If the execution main body determines that the user fails the dynamic password authentication, the information verification result generated by the execution main body may be used to indicate that the user fails the dynamic password authentication, and at this time, the execution main body may execute step 406.
Step 404, in response to the information verification result indicating that the user passes the dynamic password authentication, sending the information verification result to the wind control end.
In this embodiment, in response to that the information verification result indicates that the user passes the dynamic password authentication, the execution main body may send the information verification result to the wind control end, so that the wind control end further determines whether the user passes the security authentication based on the category identifier.
It should be noted that the wind control end may determine whether the user passes the security verification based on the category identifier not only directly after determining not to perform information verification on the user, but also after receiving the information verification result sent by the execution main body.
Step 405, receiving a security verification result returned by the wind control end.
In this embodiment, when the wind control end determines not to perform information verification on the user, after the execution main body completes step 402, the execution main body may receive a security verification result returned by the wind control end. In addition, after the execution of step 404, the execution main body may also receive a security verification result returned by the wind control end.
Step 406, in response to the information verification result indicating that the user fails the dynamic password authentication, generating a security authentication result indicating that the user fails the security authentication.
In this embodiment, if the information verification result generated by the execution main body indicates that the user fails the dynamic password authentication, the execution main body may determine that the user fails the security authentication, and at this time, the execution main body may generate a security authentication result indicating that the user fails the security authentication.
Step 407, the security verification result is returned to the sender of the security verification request.
In this embodiment, after the execution of step 405 or step 406, the execution main body may return the security authentication result to the sender of the security authentication request.
As can be seen from fig. 4, compared with the embodiment corresponding to fig. 2, the process 400 of the security verification method in this embodiment highlights two steps. The first is receiving, after the security verification request has been forwarded to the wind control end, the security verification result that the wind control end returns once it has determined not to perform information verification on the user and has determined whether the user passes the security verification based on the category identifier. The second is sending the information verification result to the wind control end after generating an information verification result indicating that the user passes the dynamic password authentication, and then receiving the security verification result returned by the wind control end. Therefore, the scheme described in this embodiment diversifies the ways in which the security verification result is obtained and can improve the validity of the security verification result.
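The following sketch walks through flow 400 from the management end's side, including the dynamic password check with its failure counter and the rule that only the most recently sent password is accepted. It is an added example, not code from the application; the names WindControlStub, ManagementEnd and MAX_FAILURES, the message fields, the six-digit password format and the policy table are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

MAX_FAILURES = 3  # assumed "preset value" for failed dynamic password checks


@dataclass
class WindControlStub:
    """Stand-in for the wind control end; the policy table is hypothetical."""
    needs_otp: set = field(default_factory=lambda: {"payment"})
    blocked_users: set = field(default_factory=set)

    def assess(self, request):
        # Receiving side of step 402: decide from the category identifier.
        if request["category_id"] in self.needs_otp:
            return {"prompt": "dynamic_password"}
        return {"result": self.decide(request)}

    def decide(self, request, info_check_passed=None):
        # Final decision, reached directly or after step 404.
        return "fail" if request["user_id"] in self.blocked_users else "pass"


class ManagementEnd:
    def __init__(self, wind_control, send_to_user):
        self.wind_control = wind_control
        self.send_to_user = send_to_user  # delivers a password, returns the user's reply
        self.pairs = {}                   # request id -> [(password id, password), ...]

    def _issue_password(self, request_id):
        password = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        pair = (secrets.token_hex(8), password)       # the stored "information pair"
        self.pairs.setdefault(request_id, []).append(pair)
        return password

    def _dynamic_password_auth(self, request_id):
        failures = 0
        while failures < MAX_FAILURES:
            submitted = self.send_to_user(self._issue_password(request_id))
            latest = self.pairs[request_id][-1][1]    # only the newest password counts
            if hmac.compare_digest(str(submitted).encode(), latest.encode()):
                del self.pairs[request_id]            # single use: drop all stored pairs
                return True
            failures += 1                             # incremental operation on failures
        self.pairs.pop(request_id, None)
        return False

    def handle(self, request):
        request_id = secrets.token_hex(8)             # identification information
        answer = self.wind_control.assess(request)    # steps 401-402
        if "result" in answer:                        # step 405 without information check
            return answer["result"]                   # step 407
        if not self._dynamic_password_auth(request_id):  # step 403
            return "fail"                             # steps 406-407
        # Steps 404-405: report the pass and let the wind control end decide.
        return self.wind_control.decide(request, info_check_passed=True)
```

A passed dynamic password check does not by itself yield a passing security verification result: the wind control end still makes the final decision in steps 404 and 405.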
With further reference to fig. 5, as an implementation of the method shown in the above figures, the present application provides an embodiment of a security verification apparatus, which corresponds to the embodiment of the method shown in fig. 2, and which can be applied to various electronic devices.
As shown in fig. 5, the security authentication apparatus 500 of the present embodiment includes: a receiving unit 501 configured to receive a security authentication request, where the security authentication request may include a user identification and a category identification of a sender of the security authentication request; a forwarding unit 502 configured to forward the security verification request to the connected wind control terminal, so that the wind control terminal determines whether to perform information verification on the user indicated by the user identifier based on the category identifier; and a processing unit 503 configured to, in response to receiving prompt information for instructing information verification returned by the wind control terminal, perform information verification on the user based on the prompt information, generate an information verification result, and obtain a security verification result based on the information verification result.
In the present embodiment, in the security authentication apparatus 500: the specific processing of the receiving unit 501, the forwarding unit 502, and the processing unit 503 and the technical effects thereof can refer to the related descriptions of step 201, step 202, and step 203 in the corresponding embodiment of fig. 2, which are not described herein again.
In some optional implementations of this embodiment, the information verification may include dynamic password authentication, and the prompt information may be information for instructing to perform dynamic password authentication; and the processing unit 503 may include: a first execution subunit (not shown in the figures) configured to perform the following verification operations: generating a dynamic password, and sending the generated dynamic password to a user side of a user; receiving a dynamic password sent by a user side; determining whether a dynamic password sent by a user side meets a preset condition, and if so, determining that the user passes dynamic password authentication; and a second execution subunit (not shown in the figure), configured to, if the dynamic password sent by the user side does not meet the preset condition, perform an incremental operation on the verification failure times of the dynamic password, determine whether the current verification failure times of the dynamic password is smaller than a preset value, and if so, continue to perform the verification operation.
In some optional implementations of this embodiment, the processing unit 503 may further include: a determining subunit (not shown in the figure) configured to determine that the user fails the dynamic password authentication in response to determining that the dynamic password sent by the user terminal does not satisfy the preset condition or that the current number of dynamic password authentication failures is not less than the preset value.
In some optional implementations of this embodiment, the apparatus 500 may further include: a first setting unit (not shown in the figure) configured to set corresponding identification information for the security authentication request; and a storage unit (not shown in the figure) configured to set a corresponding dynamic password identification for the generated dynamic password, to constitute an information pair by the dynamic password and the dynamic password identification, and to store the information pair and the identification information in correspondence.
In some optional implementations of this embodiment, the preset condition may include: being consistent with the dynamic password that was most recently sent to the user terminal; and the first execution subunit may be further configured to: determine whether the dynamic password sent by the user side is consistent with the dynamic password in the information pair corresponding to the latest stored identification information, and if so, determine that the dynamic password sent by the user side meets the preset condition.
In some optional implementations of this embodiment, the first execution subunit may be further configured to: send the generated dynamic password to the user side through the short message channel.
In some optional implementations of this embodiment, the apparatus 500 may further include: a first sending unit (not shown in the figure) configured to send the address of the dynamic password authentication page to the user terminal, so that the user terminal jumps to the dynamic password authentication page based on the address, and the user sends the dynamic password through the dynamic password authentication page.
In some optional implementations of this embodiment, the processing unit 503 may further include: a generating subunit (not shown in the figure) configured to generate a security authentication result indicating that the user has failed the security authentication if the information verification result indicates that the user has failed the information verification.
In some optional implementations of this embodiment, the processing unit 503 may further include: a sending subunit (not shown in the figure), configured to send the information verification result to the wind control end if the information verification result is used to indicate that the user passes the information verification, so that the wind control end further determines whether the user passes the security verification based on the category identifier, and to receive a security verification result returned by the wind control end.
In some optional implementations of this embodiment, the apparatus 500 may further include: a first receiving unit (not shown in the figure) configured to receive a security verification result returned by the wind control terminal after determining not to perform information verification on the user and determining whether the user passes the security verification based on the category identification.
In some optional implementations of this embodiment, the apparatus 500 may further include: a second sending unit (not shown in the figure) configured to return the security authentication result to the sender.
The device provided by the above embodiment of the application receives a security verification request including the category identifier and the user identifier, and then forwards the security verification request to the connected wind control end, so that the wind control end determines, based on the category identifier, whether to perform information verification on the user indicated by the user identifier. Then, in response to receiving prompt information which is returned by the wind control end and used for indicating information verification, the device performs information verification on the user and generates an information verification result, so that a security verification result is obtained based on the information verification result. Security verification of the user is thereby achieved, and the sender of the security verification request does not need to interact with the wind control end, so that the sender keeps a single responsibility.
Referring now to FIG. 6, a block diagram of a computer system 600 suitable for use in implementing an electronic device (e.g., the management terminal 103 shown in FIG. 1) of an embodiment of the present application is shown. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed into the storage section 608 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The above-described functions defined in the system of the present application are executed when the computer program is executed by the Central Processing Unit (CPU) 601.
It should be noted that the computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software or hardware. The described units may also be provided in a processor, which may be described as: a processor including a receiving unit, a forwarding unit, and a processing unit. The names of these units do not, in some cases, constitute a limitation on the units themselves; for example, a receiving unit may also be described as a "unit that receives a security authentication request".
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to: receiving a security verification request, wherein the security verification request can comprise a user identifier and a category identifier of a sender of the security verification request; forwarding the security verification request to a connected wind control end so that the wind control end determines whether to perform information verification on the user indicated by the user identifier based on the class identifier; and responding to the received prompt information which is returned by the wind control end and used for indicating information verification, performing information verification on the user based on the prompt information, generating an information verification result, and obtaining a safety verification result based on the information verification result.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.